
Cyber Security:

Spotting a Phishing E-Mail

Phishing attacks often appear plausible at first glance. However, there are often signs within the e-mail that should make you very cautious about clicking on any links or giving any personal information to the supposed sender.

The following should put you 'on guard':

Poor use of the English language

Most English-language phishing scams are sent from countries where English is not the primary language. Therefore attackers can give themselves away by a poor use of the English language:

odd phraseology

poor punctuation and

spelling errors.

However, some phishing scam organisers now employ people with excellent English language skills to write their scam e-mails for them.

The addressee

Many, but not all, phishing attacks do not use your name in the introduction because they cannot personalise the emails well enough.

They therefore prefer using something generic like:

'Dear valued customer,' or

'Dear user,'.

If the email is from your bank or an online store, it usually addresses you as 'Dear Johnny,' or 'Dear Mr Depp,' (or whatever your name is).

However, because so many millions of user details have been revealed by data breaches it is quite possible for a phishing e-mail to use your personal details.

Poor quality images

Sometimes, the images used in the emails are fuzzy, or your information may appear as an image rather than type. These images have been copied from screens and would not be used by the genuine companies.

However, it is easy to obtain images every bit as good as the originals, so a high quality image should not persuade you the message is genuine.

Content of the email

In almost all countries, banks and other financial bodies will not email you to tell you about problems with your account.

They recognise that email is fundamentally insecure and that personal information should not be sent by email.

So be suspicious of any 'alert' you get via e-mail. Phone the company, or log into your account via their app or website, to check whether there is a problem. Never use links, telephone numbers or addresses written in the email.

False sense of urgency

The email may also give a false sense of urgency, claiming that your account is at risk if you do not act quickly, or that you will miss out on a great deal if you do not act now!

Links

The text of a web link is not the same as the destination of the link itself – the link might say it is taking you to, for example, http://www.trustedbank.com, but in fact it can take you anywhere on the web – including to a phisher's computer impersonating that of a reputable company.

You can spot some fake links by hovering your mouse pointer over the link – but do not click the button. The actual destination of the link will appear at the bottom of the window of your PC or in a small floating window next to the link.

In a phishing email, the link will probably be to an address you aren't familiar with.

Other fake links may display a genuine destination when you hover over them, but still take you to a fake website because code in the page intercepts the link and sends your click elsewhere.

So NEVER click on a link in an e-mail!

Trust your Spidey Sense

It is amazing how good people are at noticing things in an email that seem 'weird'. They find themselves becoming 'uncomfortable' when they look at it.

Their Spidey Sense is tingling!

They can then look carefully at it and begin to notice why they instinctively thought it was odd. Then they take steps to contact the supposed sender - by another route - and find out if it was genuine after all.

People often deal with 'weird' in real emails.

Many messages can be 'a little bit off'.

Sometimes your boss is having a bad day, or the bank changes its policies.

No email message is perfect, and people are often attuned to that. But err on the side of caution.

The example message below claims to come from a fictional site called 'ePay' and is about unauthorised activity on the account. By now you know it is best to be suspicious and to look carefully at the details of the message, the language, the quality of the images and where the links actually take you.

The link says it goes to ePay's site, but when hovered over, the address revealed is slightly different from the official one. It is not ePay.com but ePay-secure-check.com - a completely different domain!

It is unlikely to be owned by 'ePay' but will fool some into thinking it must be.

Banks and shops always prefer you to call them and check rather than risking your security.